Skip to Content

Notice

Notice of Issuance of Final Determination Concerning; Software Products

Document Details

Information about this document as published in the Federal Register.

Document Statistics
Document page views are updated periodically throughout the day and are cumulative counts for this document including its time on Public Inspection. Counts are subject to sampling, reprocessing and revision (up or down) throughout the day.
Enhanced Content

Relevant information about this document from Regulations.gov provides additional context. This information is not part of the official Federal Register document.

Published Document

This document has been published in the Federal Register. Use the PDF linked in the document sidebar for the official electronic format.

Start Preamble

AGENCY:

U.S. Customs and Border Protection, Department of Homeland Security.

ACTION:

Notice of final determination.

SUMMARY:

This document provides notice that U.S. Customs and Border Protection (“CBP”) has issued a final determination concerning the country of origin of CIS Secure Computing, Inc.'s software products for use on mobile devices and on servers and other similar network devices. Based upon the facts presented, CBP has concluded that the software products are substantially transformed in the United States for purposes of U.S. Government procurement.

DATES:

The final determination was issued on August 7, 2019. A copy of the final determination is attached. Any party-at-interest, as defined in 19 CFR 177.22(d), may seek judicial review of this final determination no later than September 13, 2019.

Start Further Info

FOR FURTHER INFORMATION CONTACT:

James Kim, Valuation and Special Programs Branch, Regulations and Rulings, Office of Trade (202) 325-0158.

End Further Info End Preamble Start Supplemental Information

SUPPLEMENTARY INFORMATION:

Notice is hereby given that on August 7, 2019, pursuant to subpart B of Part 177, U.S. Customs and Border Protection Regulations (19 CFR part 177, subpart Start Printed Page 40428B), CBP issued a final determination concerning the country of origin of CIS Secure Computing, Inc.'s software products, which may be offered to the U.S. Government under an undesignated government procurement contract. This final determination, HQ H301776, was issued under procedures set forth at 19 CFR part 177, subpart B, which implements Title III of the Trade Agreements Act of 1979, as amended (19 U.S.C. 2511-18). In the final determination, CBP concluded that CIS Secure Computing, Inc.'s software products are substantially transformed in the United States for purposes of U.S. Government procurement.

Section 177.29, CBP Regulations (19 CFR 177.29), provides that a notice of final determination shall be published in the Federal Register within 60 days of the date the final determination is issued. Section 177.30, CBP Regulations (19 CFR 177.30), provides that any party-at-interest, as defined in 19 CFR 177.22(d), may seek judicial review of a final determination within 30 days of publication of such determination in the Federal Register.

Start Signature

Dated: August 7, 2019.

Alice A. Kipel,

Executive Director, Regulations and Rulings, Office of Trade.

End Signature

HQ H301776

August 7, 2019

OT:RR:CTF:VS H301776 JK

CATEGORY: Origin

John Turner, CTO

CIS Secure Computing, Inc.

21050 Ashburn Crossing Drive, Suite 145

Ashburn, VA 20147

RE: U.S. Government Procurement; Title III, Trade Agreements Act of 1979 (19 U.S.C. § 2511); Subpart B, Part 177, CBP Regulations; Substantial Transformation

Dear Mr. Turner:

This is in response to your letter, dated September 19, 2018, requesting a final determination on behalf of CIS Secure Computing, Inc. (“CIS Secure Computing” or “Company”), pursuant to subpart B of Part 177 of the U.S. Customs and Border Protection (CBP) Regulations (19 C.F.R. Part 177). As a U.S. importer, CIS Secure Computing is a party-at-interest within the meaning of 19 C.F.R. § 177.22(d)(1) and is entitled to request this final determination.

FACTS:

CIS Secure Computing requests a final determination on two software products that it intends to produce for government procurement purposes: software for use on mobile devices (“Mobile Device Software”), and software for use on servers and other similar network devices (“Server Software”). The Mobile Device Software includes a customized version of the Android operating system and mobile configuration management software, which provide advanced security features and functions to a mobile device. The Server Software includes configuration management software for remotely controlling certain functions and operations of a mobile device configured with the Mobile Device Software.

Both software products are produced in a four-step process that involves: (1) writing original source code, or modifying open source software code in the United States; (2) writing or modifying source code in Canada; (3) compiling the source code into executable object code in the United States; and (4) delivering the finished software to the purchaser. The source code will be written by the Company's employees at its offices located in Ashburn, Virginia and in Canada.[1]

In a submission dated May 21, 2019, CIS Secure Computing provided additional information on the processes involved in writing source code and compiling it into executable object code in steps (1) through (3).

Writing the source code for the Mobile Device Software will involve the following steps:

1. The Company's software developers in Ashburn, Virginia will download certain open source software code for the Android operating system, also known as Operating System code (“OS code”). The Company will modify the OS code and write original source code in Ashburn, Virginia. Modifying the OS code includes deleting or modifying one or more portions of the original source code to produce modified OS code.

2. The Company's software developers in Canada will access the modified OS code and the original source code stored in a collaborative software development environment and may further modify the OS code and write original source code.

3. In performing steps 1 and 2, software programmers write computer code using tools such as Android Studio, Eclipse and Text Editors. The software programmers may also write the computer code in C++, C, Java, Kotlin, Python and Perl programming languages. User interface designers design and write computer code for a graphical layout using tools such as Android Studio and Eclipse. Software developers modify Android Open Source Code Project (AOSP) build scripts using tools such as GNU Make and Blueprint.

4. Once the modified OS code and the original source code are completed, the Company will download all of the modified OS code and the original source code to computers located at its offices in Ashburn, Virginia. Completed code is checked into the Company's software repository for storage. The result of the combination will be the source code for the Mobile Device Software; however, it will not be executable software code.

Writing the source code for the Server Software will involve the following steps:

1. The Company's software developers in Ashburn, Virginia will write original source code. The original source code will be stored in a collaborative software development environment.

2. The Company's software developers in Canada will also write original source code. The original source code written by the Company's software developers in Canada will also be stored in the same collaborative software development environment.

3. In performing steps 1 and 2, software programmers write computer code using tools such as IntelliJ, Eclipse and Text Editors. The software programmers may also write the computer code in Scala, Java and JavaScript languages. User interface designers design and write computer code for a graphical layout using Angular JS and related tools such as Node, NPM, Bower and Grunt.

4. When the source code is complete, the Company will download all of the original source code to one or more computers in Ashburn, Virginia. Completed code is checked into the Company's software repository for storage. The downloaded original source code will comprise the source code for the Server Software; however, it will not be executable software code.

CIS Secure Computing will then perform a software build on computers located in its offices in Ashburn, Virginia. During this step, the source code for the Mobile Device Software and Start Printed Page 40429the Server Software will each be compiled into executable object code.

Compiling the source code into executable object code for the Mobile Device Software involves the following steps:

1. The Company's software developers in Ashburn, Virginia sign into a Jenkins build server and schedule a build action to perform the compilation process. The Jenkins build server also performs a nightly build action.

2. The Jenkins build server retrieves the latest version of the source code from the Company's software repository and, if needed, from a source code repository for AOSP.

3. The build server performs a compilation process using AOSP compilation tools such as gcc, Jack, Proguard and Python to compile the source code into object code for each relevant platform on Android ARM 32-bit CPU and ARM 64-bit CPU.

4. The Company's software developers perform work to address any incompatibilities or errors that emerge during compilation. If needed, they verify or rectify the source code, and may re-perform steps 1 through 3.

Compiling the source code into executable object code for the Server Software involves the following steps:

1. The Company's software developers in Ashburn, Virginia sign into the Jenkins build server and schedule a build action to perform the compilation process. The Jenkins build server also performs a nightly build action.

2. The Jenkins build server retrieves the latest version of the source code from the Company's software repository.

3. The build server performs a compilation process using a Scala build tool or Java compiler for the Linux platform to compile the source code into object code.

4. The build server transcodes and minifies [2] Javascript using a Grunt compiler.

5. The Company's software developers perform work to address any incompatibilities or errors that emerge during compilation. If needed, they verify or rectify the source code, and may re-perform steps 1 through 4.

As a final step, CIS Secure Computing will deliver the finished software to the purchaser. For the Mobile Device Software, the Company will load the object code onto mobile devices at its offices in Ashburn, Virginia. Then the Company will provide the mobile devices with the object code to the purchaser.

For the Server Software, CIS Secure Computing will deliver the object code to the purchaser in one of the following ways, depending on the purchaser's requirements: (1) the Company will load the object code onto a server device at its offices in Ashburn, Virginia and may provide the server device to a purchaser; (2) the Company will transmit the object code electronically to a purchaser server; and/or (3) the Company will load the object code to a storage medium, such as a CD or a disk drive, and may deliver the CD or disk drive containing the object code to the purchaser.

ISSUE:

Whether the Mobile Device Software and Server Software are substantially transformed in the United States for government procurement purposes.

LAW AND ANALYSIS:

CBP issues country of origin advisory rulings and final determinations as to whether an article is or would be a product of a designated country or instrumentality for the purposes of granting waivers of certain “Buy American” restrictions in U.S. law or practice for products offered for sale to the U.S. Government, pursuant to subpart B of Part 177, 19 C.F.R. § 177.21 et seq., which implements Title III of the Trade Agreements Act of 1979, as amended (19 U.S.C. § 2511 et seq.) (TAA).

Under the rule of origin set forth under 19 U.S.C. § 2518(4)(B):

An article is a product of a country or instrumentality only if (i) it is wholly the growth, product, or manufacture of that country or instrumentality, or (ii) in the case of an article which consists in whole or in part of materials from another country or instrumentality, it has been substantially transformed into a new and different article of commerce with a name, character, or use distinct from that of the article or articles from which it was so transformed.

See also 19 C.F.R. § 177.22(a).

In rendering advisory rulings and final determinations for purposes of U.S. Government procurement, CBP applies the provisions of subpart B of Part 177 consistent with Federal Acquisition Regulations. See 19 C.F.R. § 177.21. In this regard, CBP recognizes that the Federal Acquisition Regulations restrict the U.S. Government's purchase of products to U.S.-made or designated country end products for acquisitions subject to the TAA. See 48 C.F.R. § 25.403(c)(1). The Federal Acquisition Regulations define “U.S.-made end product” as:

. . . an article that is mined, produced, or manufactured in the United States or that is substantially transformed in the United States into a new and different article of commerce with a name, character, or use distinct from that of the article or articles from which it was transformed.

The issue in this case is whether the source code written for the Mobile Device Software and Server Software is substantially transformed in the United States when the Company performs a “software build” in the United States, i.e., compiles the source code written in Canada (along with source code written in the United States) into executable object code. At the outset, we note that “source code” and “object code” differ in several important ways. Source code is a “computer program written in a high level human readable language.” See, e.g., Daniel S. Lin, Matthew Sag, and Ronald S. Laurie, Source Code versus Object Code: Patent Implications for the Open Source Community, 18 Santa Clara High Tech. L.J. 235, 238 (2001). While it is easier for humans to read and write programs in “high level human readable languages,” computers cannot execute these programs. See Note, Copyright Protection of Computer Program Object Code, 96 Harv. L. Rev. 1723, 1724 (1983). Computers can execute only “object code,” which is a program consisting of clusters of “0” and “1” symbols. Id. Programmers create object code from source code by feeding it into a program known as a “compiler.” Id. In this case, the writing of source code in Canada (and the United States) involves the creation of computer instructions in a high level human readable language, whereas the software build performed in the United States involves the compilation of those instructions into a format that computers can execute.

CBP has consistently held that conducting a software build—compiling source code into object code—results in substantial transformation. For example, in HQ H268858, dated Feb. 12, 2016, four software products were produced using the same three-step process: (1) writing the source code in Malaysia; (2) compiling the source code into usable object code in the United States; and (3) installing the finished software on U.S.-origin discs in the United States. CBP held that all four software products were substantially transformed in the United States, finding that the software build conducted in the United States was sufficient to create a new and different article with a new name, Start Printed Page 40430character, and use. See also HQ H243606, dated Dec. 4, 2013 (source code programmed in China and then compiled into object code in the United States was substantial transformation).

Consistent with the rulings cited above, we find that the Mobile Device Software and Server Software are substantially transformed in the United States as a result of the software build: the name of the product changes from source code to object code, the character changes from computer code to finished software, and the use changes from instructions to an executable program.

HOLDING:

Based on the information provided, the Mobile Device Software and Server Software are substantially transformed in the United States for U.S. government procurement purposes.

Notice of this final determination will be given in the Federal Register, as required by 19 C.F.R. § 177.29. Any party-at-interest other than the party which requested this final determination may request, pursuant to 19 C.F.R. § 177.31, that CBP reexamine the matter anew and issue a new final determination. Pursuant to 19 C.F.R. § 177.30, any party-at-interest may, within 30 days after publication of the Federal Register notice referenced above, seek judicial review of this final determination before the Court of International Trade.

Sincerely,

Alice A. Kipel,

Executive Director, Regulations and Rulings, Office of Trade.

End Supplemental Information

Footnotes

1.  In your original submission dated September 18, 2018, you stated that the writing of source code in Canada was performed by a contract Canadian software development company. In your submission dated May 21, 2019, you stated that CIS Secure Computing had completed acquisition of this contract Canadian software development company, and that any software writing, software compilation, or other operations that were originally described as performed by the Canadian software development company are now performed by employees of CIS Secure Computing.

Back to Citation

2.  Minification refers to the process of removing unnecessary or redundant data without affecting how the resource is processed by the browser - e.g., code comments and formatting, removing unused code, using shorter variable and function names, and so on. See https://developers.google.com/​speed/​docs/​insights/​MinifyResources (last accessed August 6, 2019).

Back to Citation

[FR Doc. 2019-17377 Filed 8-13-19; 8:45 am]

BILLING CODE 9111-14-P